On Wed, 9 Nov 2016 15:23:11 +0900
Michael Paquier <michael.paquier@gmail.com> wrote:
>
> (This is about patch 0007, not 0001)
> Thanks, you are right. That's not good as-is. So this basically means
> that the characters here should be from 32 to 127 included.
Really, most important is to exclude comma from the list of allowed
characters. And this prevents us from using a range.
I'd do something like:
char prinables="0123456789ABCDE...xyz!@#*&+";
unsigned int r;
for (i=0;i<SCRAM_NONCE_SIZE;i++) { pg_strong_random(&r,sizeof(unsigned int))
nonce[i]=printables[r%(sizeof(prinables)-1)] /* -1 is here to exclude terminating zero byte*/
}
> generate_nonce needs just to be made smarter in the way it selects the
> character bytes.